Full Length Article
Volume 4, Issue 2: Special Issue-RIDAPPH, PP: 5-15, 2021


A review into the evolution of HIPAA in response to evolving technological environments

Authors: Abhishek P. Patil 1*, Neelika Chakrabarti 2

1 Affiliation: School of Technology Management and Engineering, NMIMS University, Mumbai, INDIA

    Email: abhishekpatil.nmims@gmail.com

2 Affiliation: School of Technology Management and Engineering, NMIMS University, Mumbai, INDIA

    Email: neelikachakrabarti.nmims@gmail.com

DOI: 10.5281/zenodo.4014219

Received: May 27, 2020 Revised: July 21, 2020 Accepted: August 24, 2020

Abstract:

The Health Insurance Portability and Accountability Act of 1996 was introduced as legislation to help reorganize the flow of healthcare information, prescribing how sensitive medical data stored with healthcare and insurance firms should be protected from theft and tampering. It has served as a pioneer in healthcare privacy and set one of the earliest benchmarks for legal instruments governing the storage and dissemination of medical information in the form of electronic health records. The HITECH Act of 2009 and the HIPAA Omnibus Rule of 2013 further cemented the use of standardized frameworks that help control, reduce and track possible breaches of the confidentiality and integrity of such personal information. This paper explores the content, reasoning, and timeline of HIPAA and its impact on the health information technology sector. It also explains the challenges faced in implementing the policy and gives a holistic perspective of the rights and responsibilities of each stakeholder involved.


Keywords:

HIPAA, Data Privacy, Healthcare, Insurance, Insuritech, EHR, Policy, Medical Data

